Select Regions

Think Before You Click on That Great "Job Offer"

Marcus_Soperus
Aug 26, 2007

Page 1 of 10

If you receive a job offer purporting to come via Monster.com, think hard before you respond to it. Hackers using Ukraine-based servers and a Trojan Horse known as
Infostealer.Monstres
, stole names, addresses, phone numbers, email addresses and resume ID numbers belonging to over 1.6 million users (almost all in the US) of the popular job-hunting site. The server's
been shut down
, but as usual, the horse (in this case, a Trojan Horse), is already loose.

[
Correction on 08-27-07:
Because of duplications, the 1.6 million number referred to in the previous paragraph refers to records, not separate individuals (some of whom have more than one record at Monster.com). However, even when duplicates are considered, several hundred thousand job-seeking users have had their information compromised by this data theft- MS]

How They Got the Inside Track

The Infostealer.Monstres malware program stole login information used by legitimate job recruiters. Once the hackers could access the job recruiter section of the Monster.com website, grabbing the information they wanted was easy.

The Real Goal: Your Wallet (and Identity!)

If that was all the hackers were after, it would be a lot of effort for a paltry return. However, Symantec, which tipped off Monster.com that it was under attack, also discovered the real objective of the data theft: a classic identity-theft scheme with a couple of twists.

If you get an email purporting to be from a job recruiter via Monster.com, but asking for bank account information or similar financial data, don't reply to it: it's actually coming from the hackers who engineered the data theft. Give it up, and watch your money disappear.

But Wait! There's More (Pain, That Is)

Even if all you do is click links in the email, your problems are just beginning. According to a report in
Computerworld
, the fake emails contain links to two pieces of malware:

The other (disguised as a program called 'Monster Job Seeker Tool') encrypts files until you pay a fee to unlock the files. Symantec refers to this ransomware program as
TrojanGpcoder.e
, but other antivirus programs are also on its trail. See the
Panda Software blog entry
for a closer look at how it works.

The Easy to Trust Wrapper Makes Them Harder to Stop

According to Symantec's writeups, these threats, by themselves, are not difficult to contain or remove. The problem is that they are concealed inside an official-looking email from a trusted source (in this case, Monster.com). If your system is not running up-to-date antivirus software and you click the link - you're in trouble.

A Few Without Adequate Security Threaten Millions - Again

Sadly, this latest breach of computer security shows the dark side of the interconnected nature of today's technology: a weak spot in some PC users' security (in this case, some recruiters using Monster.com) can be exploited to attack both those users and many, many others. As always, it pays to
think before you click
.

Dream Machine:

Magazine:

For nearly 20 years, Maximum PC is considered by enthusiasts to be the absolute source for the latest hardware reviews, in-depth analysis, and breaking news on the latest PC hardware. Our team of industry experts give you the guidance you need to make the most informed buying decisions and deliver the best guides on how to use and optimize your experience. If you’re looking for the definitive reference on PC hardware, you’ve found it.